SCADA vulnerability discovery signals need for vigilance

LogRhythm comments on the discovery of a vulnerability affecting SCADA industrial networking systems in as many as 38 countries

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning to businesses involved in critical infrastructure following the identification of a vulnerability affecting a number of the world’s SCADA systems. The security team said they had been made aware of a potential buffer overflow vulnerability and are investigating, but in the meantime advised SCADA users to be extra vigilant. The ICS-CERT also said that the product affected is “used in several areas of process control in 38 countries with the largest installation based in the United Kingdom, United States, Australia, Poland, Canada, and Estonia”.

Ross Brewer, vice president and managing director for international markets at LogRhythm, has made the following comments: “Attacks on SCADA systems are becoming increasingly regular and the discovery of this latest vulnerability is yet another example of how vigilant users need to be. If the flaw were to be exploited, the consequences would be devastating, particularly given 38 countries could be affected. It really is the stuff of modern-day nightmares and more needs to be done to ensure these types of security gaps are spotted immediately.

“Control system security has traditionally been limited to physical assets, rather than cyber security, given that when the systems were developed, internet use was yet to be commonplace. However, this has left gaping holes and vulnerabilities, and as some of the most infamous cyber attacks in recent memory have affected SCADA systems, such as the Stuxnet and Flame viruses, it is clear that this now needs to be addressed to avoid a blackout.

“Simply focussing on securing the perimeter is now wholly ineffective – evidenced by the fact the Flame virus took over two years to detect and was missed by 43 separate anti-virus tools. What is instead needed is the ability to identify threats, respond and expedite forensic analysis in real time. The only way to achieve this is by monitoring all IT systems data continuously and, from there, automatically baselining ‘normal’ behaviour so any anomalous activity can be identified immediately. Without taking these steps, hackers will have no difficulty in exploiting vulnerabilities, such as the one identified by ICS-CERT, and then there is no telling the devastation that could ensue.”